Skip to content
Permalink
Browse files Browse the repository at this point in the history
Prevent passing in of monitor type that could contain invalid charact…
  • Loading branch information
jcameron committed Jul 10, 2012
1 parent 5295b8a commit ed73650
Show file tree
Hide file tree
Showing 3 changed files with 3 additions and 0 deletions.
1 change: 1 addition & 0 deletions status/edit_mon.cgi
Expand Up @@ -9,6 +9,7 @@ $access{'edit'} || &error($text{'mon_ecannot'});
@handlers = &list_handlers();
if ($in{'type'}) {
# Create a new monitor
$in{'type'} =~ /^[a-zA-Z0-9\_\-\.]+$/ || &error($text{'mon_etype'});
$type = $in{'type'};
$title = $text{'mon_create'};
if ($in{'clone'}) {
Expand Down
1 change: 1 addition & 0 deletions status/lang/en
Expand Up @@ -104,6 +104,7 @@ mon_eremote2=Webmin server $1 could not be contacted : $2
mon_estatus=Webmin server $1 does not have the System and Server Status module
mon_ecannot=You are not allowed to edit monitors
mon_ertype=This monitor type is not available on $1
mon_etype=Invalid monitor type name
mon_runon=Run commands on
mon_runon0=This server
mon_runon1=The remote host
Expand Down
1 change: 1 addition & 0 deletions status/save_mon.cgi
Expand Up @@ -6,6 +6,7 @@ require './status-lib.pl';
$access{'edit'} || &error($text{'mon_ecannot'});
&ReadParse();
if ($in{'type'}) {
$in{'type'} =~ /^[a-zA-Z0-9\_\-\.]+$/ || &error($text{'mon_etype'});
$serv->{'type'} = $in{'type'};
$serv->{'id'} = time();
}
Expand Down

0 comments on commit ed73650

Please sign in to comment.